CSC 2.0 Project Issues 2024 Report on Cyber Strategy Implementation

The CSC 2.0 project has released its report for 2024 detailing the progress being made by the government in implementing the recommendations of the original Cyberspace Solarium Commission on putting into effect a layered cyber deterrence strategy.

CSC 2.0 said Thursday that of the 82 original recommendations, 80 percent are either nearly or fully implemented, an accomplishment reached through legislation, policy or other innovative means.

The reported achievements of the executive branch include the White House’s issuance of a new national security memorandum on critical infrastructure and resilience; the Office of the National Cyber Director’s completion of 33 of the 36 initial initiatives for the implementation of the National Cybersecurity Strategy; and the appointment of the Cybersecurity and Infrastructure Security Agency as the national coordinator for critical infrastructure security and resilience.

For its part, the ostensible achievements of Congress include the passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which calls on CI entities to report cyber incidents to CISA; and the provision of funds to CISA and the ONCD through the fiscal year 2024 omnibus spending bill.

CSC 2.0 nevertheless noted that more work remains to be done, especially in light of increasing threats from nation-state adversaries and criminal organizations.

NSWC Crane Unveils New Radiation-Hardened Microelectronics Testing Capability

The Naval Surface Warfare Center Crane Division launched its new radiation-hardened microelectronics testing capability, called the Short Pulse Gamma, on July 31.

The NAVSEA said Friday the SPG, also known as “Bumblebee,” is intended to bolster the NSWC Crane’s ability to provide research, development, testing and evaluation data needed by systems designers and manufacturers.

NSWC Crane, which provides radiation testing support for the Navy Strategic Systems Programs, will utilize the new facility for testing multiple, concurrent and future nuclear modernization programs.

The new SPG system marks the initial phase of NSWC Crane’s $100 million radiation modernization initiative meant to provide a complete suite of strategic radiation environment requirements for microelectronics.

Angela Lewis, SES and technical director at NSWC Crane, expressed delight over the new SPG facility, saying, “This is a critical capability that will ensure continued resilience for the Department of Defense and the United States. Radiation-hardened microelectronics are a key enabling technology for Missile Defense, Nuclear Modernization, and Space missions. This new facility will provide important capacity to support testing for multiple, concurrent, and future nuclear modernization programs.”

Dev Shenoy, principal director for Microelectronics at the Office of the Under Secretary of Defense for Research and Engineering, described the new capability as an important step toward validating and verifying critical technologies in radiation environments.

“NSWC Crane has a strong understanding of radiation effects and expertise required in order to ensure proper execution of these deliverables,” said Shenoy.

Jeff Harris Joins Federal Housing Agency as CISO

Jeff Harris has been appointed chief information security officer at the Federal Housing Finance Agency, according to a LinkedIn post he shared Friday.

Harris joins the FHFA after six years at the U.S. Small Business Association, where he served as CISO and then as director of cybersecurity operations.

The information technology and cybersecurity executive also held the CISO position at the Department of the Navy.

Before that, Harris was with the Office of Naval Intelligence as deputy chief information officer for information assurance and cybersecurity and then director of defensive cyber operations while also serving as chief of the ONI Cyber Incident Response Center.

Harris also spent time at the Department of Homeland Security as the deputy director for IT applications. 

Before joining DHS, Harris worked as the senior security architect at Camber Corporation, which was acquired in 2016 by Huntington Ingalls Industries. He was also with General Dynamics for five years as a senior staff member of architecture, integration and engineering.

Earlier in his career, Harris served in the U.S. Army as a network switching systems operator and maintainer.

Lawmakers successfully force a vote on eliminating the windfall elimination provision

The bipartisan effort to advance House legislation that would repeal a pair of controversial tax rules that negatively impact some federal workers’ retirement income took another step forward last week as the bill’s sponsors compiled the 218 signatures needed to force a House vote on the measure.

It took Reps. Abigail Spanberger, D-Va., and Garret Graves, R-La., less than two weeks to compile the requisite signatures to require House Speaker Mike Johnson to schedule a vote on the Social Security Fairness Act (H.R. 82), a measure aimed at eliminating Social Security’s windfall elimination provision and government pension offset. Prior to launching the discharge petition drive, the bill already had more than 300 cosponsors.

The windfall elimination provision reduces the Social Security benefits of retired employees who spent a portion of their careers in the private sector in addition to a federal, state or local government position where Social Security is not intended as an element of their retirement income, such as the Civil Service Retirement System. And the government pension offset reduces spousal and survivor Social Security benefits in families with retired government workers.

The windfall elimination provision reduces the Social Security benefits of around 2 million former civil servants, while the GPO affects nearly 800,000 retirees.

There is now a seven-day “layover period” following the petition’s success, which ends Thursday, after which one of the sponsors may call for a vote on the bill on the second or fourth Monday of the month. But with Congress in recess for all of October in anticipation of the 2024 election, the earliest that it could be called up is in November.

“From Virginia to Louisiana to everywhere else in America, millions of retired public servants have waited more than 40 years for their elected officials to tackle this fundamental issue of fairness,” Spanberger and Graves said in a joint statement last week. “These retirees deserve the benefits they earned through their hard work—and they deserve to see the WEP and GPO eliminated. Over the past week, we’ve demonstrated that both Democrats and Republicans—from across the political spectrum—understand that the time is now to remove these penalties.”

Even if the House successfully votes to pass the measure, the bill’s sponsors will find an uphill climb in the Senate. Though companion legislation in that chamber has 63 cosponsors—enough to break the filibuster—there are just two months between Election Day and the end of the congressional session, and lawmakers anticipate much of that time to be tied up with negotiations to fund the government.

Federal employee groups, for their part, lauded the lawmakers’ efforts and urged senators to quickly take up the measure if it advances.

“WEP and GPO penalize hardworking Americans for serving their communities, states and country, simply because they earned a pension through that service,” said Bill Shackelford, national president of the National Active and Retired Federal Employees Association. “With 218 signatures on the discharge petition to bring H.R. 82, the Social Security Fairness Act, to the House floor, public servants will finally get the vote they deserve.”

“NTEU appreciates all of the hard work Reps. Graves and Spanberger have done leading on H.R. 82 and we want to thank every member of Congress who signed onto the discharge petition,” said National Treasury Employees Union National President Doreen Greenwald. “We look forward to seeing the full House finally vote to repeal the windfall elimination provision and government pension offset.”

GAO Looks Into Agencies’ Compliance With OMB’s Cloud Procurement Requirements

The Government Accountability Office said most of the 24 major federal agencies have yet to establish guidance on service-level agreements, or SLAs, with cloud providers.  

A review of the compliance with the Office of Management and Budget’s five key cloud procurement requirements also found that one-third of the agencies did not have guidance to ensure continuous visibility in systems that process high-value information or serve a critical function in maintaining the security of the civilian enterprise, according to a GAO report released on Friday.

The OMB established the procurement requirements in 2019 under its Cloud Smart Strategy as agencies shift their IT services to cloud services.

Agency officials said guidance had not been developed because they had used SLAs provided by the cloud service providers, relied on standard acquisition practices and included the procurement requirement in their contracts, among other reasons.

GAO said the CIO Council could collect and share examples of guidance on cloud SLAs and contract language from agencies that have met the OMB requirements to help other organizations improve cloud service procurement activities.

The government watchdog also made 46 recommendations to 18 agencies, including the Departments of Agriculture and Commerce, to develop or update guidance related to OMB’s Cloud Smart procurement requirements.

Bipartisan deal looks to punt shutdown threat into December

Congressional leaders have reached a deal to keep federal agencies funded through mid-December, announcing plans to vote this week on a bill to avert a shutdown that would otherwise take place next week. 

The agreement, announced by House Speaker Mike Johnson, R-La., on Sunday, comes after House Republicans for weeks suggested they would not back a short-term funding measure unless congressional Democrats and the White House agreed to certain partisan demands. The continuing resolution, which would keep agencies funded through Dec. 20, will likely receive bipartisan support but can still fall victim to individual lawmakers disrupting it from reaching President Biden’s desk on an expedited timeline.

Johnson agreeing to a stopgap CR without added provisions comes over the objections of former President Trump, who instructed Republicans to reject any funding deal if it did not include legislative provisions to address his unsubstantiated claims of widespread voting from non-citizens. The House voted last week on a six-month CR that included the Safeguard American Voter Eligibility (SAVE) Act, but more than a dozen Republicans joined Democrats in defeating it. 

“Since we fell a bit short of the goal line, an alternative plan is now required,” Johnson said, adding the CR would be “clean” and prevent the Democratic-controlled Senate from forcing the House to vote on a stopgap that included billions of dollars in new provisions. “Our legislation will be a very narrow, bare-bones CR including only the extensions that are absolutely necessary.”

Johnson explained that, as many House and Senate Republicans have warned in recent weeks, the agreement was the only “prudent path forward” as it would be an “act of political malpractice” to allow a shutdown to occur so close to a presidential election. 

Last week, Trump posted on Truth Social that Republicans “should not agree to a continuing resolution in any way, shape, or form” if it did not include the SAVE Act. 

Senate Majority Leader Chuck Schumer, D-N.Y., said the agreement came together after four days of bipartisan, bicameral negotiations. 

“While I am pleased bipartisan negotiations quickly led to a government funding agreement free of cuts and poison pills, this same agreement could have been done two weeks ago,” Schumer said. “Instead, Speaker Johnson chose to follow the MAGA way and wasted precious time.”

Now, Schumer added, Congress must act quickly to wrap up its work on the CR this week. 

“The key to finishing our work this week will be bipartisan cooperation, in both chambers,” he said. 

While the bill would largely continue agency funding at their fiscal 2024 levels, it would include some “anomalies,” including $231 million to the U.S. Secret Service for its protective mission. The agency has faced additional scrutiny and pressure to ramp up its efforts after two failed assassination attempts on Trump in recent months. The measure also prevents agencies from furloughing or terminating employees due to budget shortfalls, includes additional funds for the Office of Personnel Management to set up a new health benefits program for the U.S. Postal Service and adds spending for transition activities at the White House, General Services Administration and the National Archives and Records Administration. 

Sen. Patty Murray, D-Wash., who chairs the House Appropriations Committee, said the CR represented a bipartisan compromise and Congress should work quickly to avoid a “needless and disastrous government shutdown.” 

If Congress is able to get the bill to Biden’s desk before Oct. 1, it will then face a new deadline just before the holidays. Focus will turn to full-year funding measures after the election, though the House and Senate remain deeply divided on a path forward. The House has passed six of the 12 required annual spending bills, though it has done so in party-line votes and at spending levels below what Republicans and the White House previously agreed to as part of a two-year budget deal. The Senate has passed 11 of its 12 bills using higher funding totals in overwhelmingly bipartisan votes at the committee level, though none have been approved on the floor. 

“There are so many urgent national priorities that still must be addressed in our full-year funding bills,” Murray said. “I will be working closely with colleagues on both sides of the aisle to ensure we get the job done before the end of the year.”

17 Small Businesses Receive Semiconductor Grants From White House

The White House, through the Small Business Innovation Research program, has selected 17 small businesses from nine states that will receive almost $5 million in total funding for research projects meant to further develop the semiconductor industry.

The Department of Commerce said Thursday the grants, the first award for the CHIPS Research and Development Office, are intended for researching concepts and developing products or services that will benefit the commercial microelectronics marketplace.

The grants also align with the administration’s efforts to provide small businesses the opportunity to succeed in their respective industries.

The CHIPS Metrology SBIR awardees are as follows:

  • Direct Electron
  • Exigent Solutions
  • HighRI Optics
  • Hummingbird Precision Machine Co. dba Hummingbird Scientific
  • Laser Thermal Analysis
  • Octave Photonics
  • Photon Spot
  • Photothermal Spectroscopy Corp.
  • PrimeNano
  • Recon RF
  • Sigray
  • Steam Instruments
  • Tech-X Corp.
  • The Provenance Chain Network
  • Tiptek
  • Vapor Cell Technologies
  • Virtual EM

U.S. Secretary of Commerce Gina Raimondo said, “As we grow the U.S. semiconductor industry, the Biden-Harris Administration is committed to building opportunities for small businesses to prosper. With today’s awards, these 17 businesses will support CHIPS for America’s efforts to grow the U.S. semiconductor ecosystem and support our national and economic security.”

The SBIR Phase I awardees were chosen from proposals sent through a notice of funding opportunity. They will be considered for the SBIR Phase II award, which will be held in Spring 2025.

GAO to unveil its findings on outdated FAA tech systems

The U.S. government’s top auditing shop will release a report about the use of legacy equipment in the Federal Aviation Administration by the end of this month, according to a person familiar with the matter.

The Government Accountability Office is unveiling its findings to help shed light on government agencies’ struggles with older technology, said the person, who asked not to be identified in order to share news of the coming findings.

GAO “looked at the FAA’s Air Traffic Control systems that are unsustainable, whether the FAA had associated modernization efforts, and the FAA’s oversight efforts,” Kevin Walsh, the auditing agency’s information technology and cybersecurity team director, said in an email.

“We could not comment on a report that has not been issued,” an FAA spokesperson said.

Legacy equipment has been a prevailing issue in modern government systems, said Rob Joyce, the former head of the NSA’s cybersecurity directorate. Besides stolen credentials or compromised passwords, outdated IT creates pathways for hackers to break into federal networks, he said.

Civilian agencies across the government have some degree of legacy IT equipment, said Mark Weatherford, the former undersecretary for cybersecurity at DHS.

Agencies have often used compensating controls — security and privacy measures that are implemented when agencies can’t directly meet the most up-to-date cyber or IT standards — but they’re not permanent solutions to legacy systems, Weatherford added.

“[Compensating controls] extends the problem because eventually, they will have to replace them, but we spend a lot of money just patching old systems that a modernization effort would probably help alleviate,” he said. Both Weatherford and Joyce sit on the public sector advisory board for Tenable, a cybersecurity firm based in Maryland.

Much of the FAA’s infrastructure, including radar systems and communication networks, may be reliant on outdated technology that struggles to meet modern air traffic demands. The White House’s FY2025 FAA budget request includes $8 billion over five years for facility replacement and radar modernization. It also requests $140 million for its Enterprise Network Services program, which the agency says can help with cybersecurity and resilience needs.

The request is probably a “fair ask,” Joyce said, because the FAA’s cybersecurity and IT staff have likely assessed internal equipment and determined that the requested amount will put the aviation agency in its best position to overhaul their systems.

“The CIO and CISOs in this environment want to be secure,” Joyce said. “But that runs into the reality of budgets, and so a key portion of this is getting attention on the problem, and then leadership — both in the executive branch and Congress — working to say ‘we’re going to prioritize reducing this risk.’”

Aviation cybersecurity became a top-of-mind issue in recent weeks after Washington State’s Seattle-Tacoma International Airport was subjected to a ransomware attack after hackers breached the Port of Seattle’s systems and demanded some $6 million in a ransom payment. A Sea-Tac official and others testified before the Senate Commerce Committee this week about the incident.

“The FAA, like many other agencies, is a communications and safety organization. Modernization in this case means more than just equipment updates — it means a pivot to becoming a software-led organization, where technology is built-in,” Joel Krooswyk, federal CTO at GitLab, said in an email.

Nation-state hackers like China’s infamous Volt Typhoon collective have shown interest in breaching aviation systems, which are considered critical infrastructure under current U.S. government standards, Joyce noted.

Modernizing these systems will be key for adapting to cyber threats, Weatherford said, because hacking groups can quickly and more easily innovate on their exploits today compared to even just a few years ago. “[Legacy systems] are a threat that, not just the government, but every private sector company on the face of the earth should be concerned about,” he said.

The FAA itself is in the midst of a rulemaking designed to shore up the cybersecurity of aircraft and aviation equipment. Comments on the proceeding are due in late October with a final rule expected sometime in 2025.

DARPA to Work With Canada, UK on AI & Cybersecurity R&D Efforts

The Defense Advanced Research Projects Agency will collaborate with Canadian and U.K. defense agencies to research, develop, test and evaluate artificial intelligence tools, cybersecurity systems and information domain-related technologies.

DARPA said Friday the collaboration seeks to reduce technological risks to accelerate the transition of new capabilities into operational use.

“The trilateral collaboration is a big step toward enhancing our understanding in the outlined R&D thrust areas. Working with our international partners on science and technology helps us all leverage each other’s individual strengths in order to develop much greater collective capability,” said Stefanie Tompkins, director of DARPA and a 2024 Wash100 awardee.

One of the projects being pursued by the trilateral partnership is the Cyber Agents for Security Testing and Learning Environments program — a.k.a. CASTLE — which seeks to train AI to autonomously defend networks against persistent cyberthreats.

The collaboration is also developing trustworthy AI tools and advancing rapid software certification, among other research and development areas.

Under the trilateral partnership, the Defence Research and Development Canada and the Defence Science and Technology Laboratory will respectively serve as the lead agencies for Canada and the U.K.

Customer experience bill passes Senate committee

The Senate Homeland Security and Governmental Affairs Committee on Wednesday advanced a proposal that would require the Office of Management and Budget to establish a service delivery lead.

The Government Service Delivery Improvement Act would also require agencies to tap a senior lead for customer experience improvements. It’s backed by Reps. Ro Khanna, D-Calif., Byron Donalds, R-Fla., Barry Loudermilk, R-Ga., and William Timmons, R-S.C.

It already passed the full House in May. The committee approval doesn’t guarantee the measure will get a vote in the full Senate, but it is one step closer to passage.

“This bill will make it easier for Americans to access essential federal services from Social Security to Medicare to veterans’ benefits by designating officials to drive changes and increasing coordination across the government,” Khanna said in a statement when the bill passed the House. “The federal government has an obligation to deliver quality services efficiently and effectively and this bill will make good on that.”

The proposal has the support of some trade groups and government efficiency organizations, though it’s not the only CX proposal that lawmakers have been considering. A different, Senate-based proposal would require agencies to develop customer service plans.

The Senate committee also moved a technology transparency bill focused on the General Services Administration to full floor consideration this week. 

The GSA Technology Accountability Act, from Reps. Pete Sessions, R-Texas, and Gerry Connolly, D-Va., would require GSA to give lawmakers an annual list of the work done through the Federal Citizen Services Fund and Acquisition Services Fund. That legislation also passed the House in May.

The House Oversight and Accountability Committee also had a markup Wednesday that advanced a procurement reform bill, the Federal Improvement in Technology Procurement Act, that originated with Sens. Gary Peters, D-Mich., and Ted Cruz, R-Texas, as well as the SHARE IT proposal from the same pair, meant to make agencies share custom code with one another.